NodeJS - HMAC-SHA512 Equivalent code in Node from C#

Question

using System;   
using System.Text;   
using System.Globalization;   
using System.Security.Cryptography;   
  
public class Program   
{   
    public static void Main()   
    {   
        var id = "integration";   
        var key = "SECRET_KEY";   
        var expiry = DateTime.UtcNow.AddDays(10);
        using (var encoder = new HMACSHA512(Encoding.UTF8.GetBytes(key)))   
        {   
            var dataToSign = id + "\n" + expiry.ToString("O", CultureInfo.InvariantCulture);   
            var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));   
            var signature = Convert.ToBase64String(hash);   
            var encodedToken = string.Format("SharedAccessSignature uid={0}&ex={1:o}&sn={2}", id, expiry, signature);   
            Console.WriteLine(encodedToken);   
        }   
    }   
}

Reading the above C# Code and reading through crypto I believe that should translate to this....

const { createHmac } = require('crypto');

const id = 'integration';
const key = 'SECRET_KEY';
const expiry = new Date(new Date().setDate(new Date().getDate() + 10));
const encodedkey = new TextEncoder().encode(key);
const encodedvalue = new TextEncoder().encode(id + '\n' + expiry.toJSON());
const signature = createHmac('sha512', encodedkey)
    .update(encodedvalue)
    .digest('base64');
console.log(`SharedAccessSignature uid=${id}&ex=${expiry.toJSON()}&sn=${signature}`);

But after running both and testing the produced output against azure the C# output works while the Node output doesn't. (relevant: https://learn.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication)

What am I missing?

can you please show the input and differents output of both versions? — jps, Jul 17 '22 at 10:40
Can't easily because the date is obviously slightly different in both and not too familiar with dates in C# so because dates will always be slightly different (in seconds) outputs will always be different even when the correct answer is found — Shanon Jackson, Jul 17 '22 at 10:44
For the C# code you can paste the code here https://replit.com/lm/csharp and it will show example output — Shanon Jackson, Jul 17 '22 at 10:45

Shanon Jackson · Accepted Answer · 2022-07-19T09:37:51.413

Was found by a colleague

The issue is expiry.ToString("O", CultureInfo.InvariantCulture) produces the Date string... "2022-07-28T05:19:33.2720140Z" new Date().toJSON() produces the Date string... "2022-07-28T05:18:33.778Z"

The difference is the decimal places, to fix this I changed the above code to this and works great....

const { createHmac } = require('crypto');

const key = 'SECRET_KEY';
const expiry = new Date(new Date().setDate(new Date().getDate() + 10)).replace('Z', '0000Z');
const signature = createHmac('sha512', key)
    .update('integration' + '\n' + expiry)
    .digest('base64');
console.log(`SharedAccessSignature uid=integration&ex=${expiry}&sn=${signature}`);

NodeJS - HMAC-SHA512 Equivalent code in Node from C#

1 Answers1